The number of cyberattacks by Iran on targets in Israel has doubled in the past year, the director general of the Israeli Nation Cyber Directorate (INCD) has told Tech Monitor. Gaby Portnoy says other countries in the region have also been feeling the effects of attacks from Iranian cybercriminals and called for greater data sharing between governments.
Speaking to Tech Monitor at the Cybertech Conference in Tel Aviv, Portnoy said his organisation has thwarted 1,000 potential cyberattacks over the past year, far outstripping its neighbours. One of these neighbours is, in fact, a big part of the problem, he says.
Iran’s cyberattacks against Israel doubled in the past year, explains Portnoy. Other countries in the region have felt the same pressure, from cyber espionage to ransomware and attacks on critical national infrastructure (CNI). There is one solution to this, he says: to unite and share information. “It’s all about data,” says Portnoy, but alliances like these also have their risks.
How Iran has been targeting Israel with cyberattacks
In the first quarter of 2022 cyberattack attempts against Israel jumped by 137%, prompting the INCD to start work on a cyber equivalent to its Iron Dome air defence system. The so-called “cyber dome” is central to Israel’s defences against Iranian state-backed cyberattacks, says Portnoy. This comes with creating agreements with neighbouring counties to share data, massively increasing visibility and boosting the chances of protection for all the countries’ CNI.
Iran’s aggressive cyber stance has increased unremittingly over the past decade, since the early recordings of the Madi malware in the summer of 2012. Specialists at Microsoft have warned about the growing number of supply chain attacks conducted by hacker groups believed to receive support from the Iranian government. Microsoft has notified more than 40 IT companies about hacking attempts, states a report by security company Group IB. Indeed, Iranian APT group Moses Staff is the second-most prolific cybercrime group in the Middle East and Africa, behind only LockBit, according to Group IB’s research. Israel incurred 16% of all the cyberattacks in the region over this timeframe.
“There are 200 attacks a month on Israel by Iran,” Portnoy claims. “Last year there were 88 attacks per month on average.” This reflects an increasing number of adversaries, he continues. “The [number of] groups involved also grew, from six to 14,” he says. “They are investing in cyber because they understand the space and how we act within it.”
The cyber dome is key to warding off such a threat, and the key to a successful cyber dome is data collection, he says. “It’s not about technology because technology and techniques often change, it’s about the data collection, fusing that data and analysing it. This is the vision.”
Israel calls for cooperation with neighbouring countries, but at what cost?
It is only possible to achieve this vision with the cooperation of neighbouring countries, against Iran, he continues. “We have to improve our trust with everybody, to share a lot more. We are currently working on a shared platform with the Abraham Accords countries – Bahrain, Morocco and the UAE,” he explains. The Abraham Accords is a treaty signed by the above countries in 2020.
Allying Israel comes with risks, however, not least because the government in Tel-Aviv is engaged in active cyberattacks against Iran, and software from Israeli companies such as NSO Group, developer of the controversial Pegasus spyware, is routinely used by governments around the world.
According to a report by security company Mordor intelligence, cyberattacks against the UAE increased once it announced political allegiance with Israel. “The United Arab Emirates has witnessed a more than 250% increase in cyberattacks during the pandemic,” states the report. “This sudden increase was also attributed to the activists against the UAE’s recognition of Israel and normalising the relationship between these countries.”
Closer ties to Israel are also not necessarily good news for citizens in Abraham Accords countries. According to a report released by Washington-based think tank the Middle Eastern Institute, the UAE was relying on the NSO group’s surveillance software in 2018 to spy on its population. There have since been reports of Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, and Saudi Arabia using the same technology in 2021.